We’re Upping Our Support to Mobile Browsing

The Tor Project has always fought for freedom of speech and open access to the internet. To do so, it’s essential for us to reach people in areas in the world with heavy online surveillance and censorship, especially those in the Global South.

Most people in these regions only use smartphones to access the internet, and we want to better support these users. So we developed a strategy to do better for folks who have low-bandwidth connections, limited data plans, or who can only connect to the internet through low-end devices.

Eleven percent of smartphone usage around the world in 2014 was mobile browsing, so we knew giving better support to a mobile browser would be critical to this strategy.

Around a year ago, folks from the Tor Project and the Guardian Project met to discuss the future of Tor Browser on mobile devices. The discussion began with Orfox, a Google Summer of Code (GSoC) project for mobile browsing over the Tor network. Since then, we have been working towards Orfox having similar functionality and security guarantees as Tor Browser for desktop.

How we’re bringing Orfox on par with Tor Browser

Our first improvement was to port the Security Slider from Tor Browser desktop to Orfox. To adapt this feature from a desktop application into a mobile application, we had to change how the UI works for the mobile screen.

The Security Slider lets you customize your browsing experience according to the security level you want to have when accessing sites. The higher the level, the more things Tor blocks to give you more security. This also changes your experience of the site. For instance, Twitter’s timeline might not show “new posts” notifications because the browser has blocked JavaScript. A site also may not load and play a video because some of the required scripts could be used by a skilled adversary to reveal identifying information about you.

The UX Team and the Guardian Project collaborated on this effort, iterating on mockups and reviewing UI copy until there was a version everyone felt was good enough to be built. Once it was up and running as a beta, the UX Team ran a validation test to see if this interface and copy made sense to users. With the help of Amogh, an Orfox developer, we tested our UI with 12 users in India and 3 others in the U.S. We used this feedback to improve our copy and iterate on the slider UI.

This was the first time Tor did a full development cycle following UX best practices, such as being involved with the conceptualization of the UI and performing user testing to validate our hypothesis. Since we don’t collect data on user behavior, we had to build a testing methodology so our community could help us perform these tests with our users. We are now applying UX best practices to all of our development cycles.

Try Out the New Slider

The newest version of Orfox is available from the Google Play store and the F-Droid store, or you can download the APK installation file from our git repo. If you use Android, download it or update your current app to check it out. To see what we discussed here, open the settings menu and scroll down to the ‘Orfox Settings’ option.

As always, we want your feedback! You can use the comments below.

There’s more to come

Mobile is becoming a core part of our development thinking at Tor. We will continue to work with Orfox, and when the Tor Browser Team comes up with a new feature, we’ll be thinking how we can make it work on mobile as well. We’ll keep publishing updates like this about our efforts to improve mobile experience, especially for those in the Global South.

A big thank you to the folks who worked on this project: Amogh Pradeep, Thomas Rientjes, Linda Lee, Nathan Freitas and Georg Koppen. o/

gk said back then that they were working on Tor Browser builds for android later this year; can we have any rough idea on when this will be available and whether the Orfox branding will be dropped then? Thank you team o/

I get iPhones are not really low-end market and a lot less popular in southern hemisphere compared to Android, also having a closed source OS... but is Orfox or an official TBB for iOS considered by the team?

Great, as I have been eagerly awaiting simpler security settings! Before, I had to manually tweak site specific NoScript preferences to get some particular pages to work. This helps a lot, and it's working very well for me. It's also nice to read that there are more improvements in the works.

Which is the latest recommended version? I'm seeing five versions including Orfox-1.2.1 (12/2/16) and Orfox-1.4-RC3 (11/4/16). Why is the newest version number not also the newest release date? (I've been going by date and still using 1.2.1)

Also huge thank you for giving attention to android! I know you guys are busy with more important things but it just seems orfox has been a little neglected in the past year or so. Glad to hear that's about to change!

Okay I can see 1.4-RC-3 has the highest version number, but 1.2.1 was released 29 days later. I guess it could be that 1.4 is still an experimental branch, and 1.2.1 is a stable branch that received backports almost a month later, but then I still don't know which one is recommended.

- the slider is a good idea, but not really usable the way it is implemented right now. if it was the same way as on desktop TBB, for example that the middle setting only deactivates Javascript on non-https sites, that would be fine. If even the middle security setting completely disables Javascript (not even letting it enable via NoScript), there's pretty much not a single site in the internet that will work like that. Should be able to enable Javascript for a given site even with the slider not on low.

- Android language setting is leaking into HTTP_ACCEPT header (try on panopticlick.eff.org). Test it for yourself: change Android OS language to anything other than EN_US and it will show. On non-English desktop TBB, the user is specifically asked if they want the site to know their language setting.
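An added example, not part of the original post or its comments: a check a tester could run over a captured `Accept-Language` request header (the header that carries the language preference reported above) to see which locale tags distinguish it from a uniform English value. The baseline `en-US,en;q=0.5` is an assumption about what desktop Tor Browser sends when it spoofs English, and the sample headers are constructed.

```python
# Added example: flag locale tags in an Accept-Language header that differ
# from a uniform English baseline. BASELINE is an assumption stated here,
# not a value taken from the page.
BASELINE = "en-US,en;q=0.5"


def parse_accept_language(header):
    """Return [(tag, q)] in preference order; a malformed q-value counts as 0."""
    entries = []
    for part in header.split(","):
        part = part.strip()
        if not part:
            continue
        tag, _, params = part.partition(";")
        q = 1.0  # a tag without an explicit weight has q=1
        for param in params.split(";"):
            name, _, value = param.strip().partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0
        entries.append((tag.strip().lower(), q))
    # Stable sort keeps header order among tags with equal weight.
    return sorted(entries, key=lambda e: -e[1])


def leaked_locales(header, baseline=BASELINE):
    """Tags present in the header but absent from the baseline ('*' ignored)."""
    allowed = {tag for tag, _ in parse_accept_language(baseline)}
    return [tag for tag, _ in parse_accept_language(header)
            if tag != "*" and tag not in allowed]


def matches_baseline(header, baseline=BASELINE):
    """True only if tags, order and weights all equal the baseline."""
    return parse_accept_language(header) == parse_accept_language(baseline)


# Constructed sample headers (not captured from a real device).
SAMPLES = {
    "desktop-spoofed": "en-US,en;q=0.5",
    "android-de": "de-DE,de;q=0.8,en-US;q=0.5,en;q=0.3",
    "android-pt": "pt-BR, pt;q=0.9, *;q=0.1",
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, matches_baseline(header), leaked_locales(header))
```

A header can contain only baseline tags and still fail `matches_baseline` when its weights or order differ, which is why both checks are reported.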

- the slider is a good idea, but not really usable the way it is implemented right now. if it was the same way as on desktop TBB, for example that the middle setting only deactivates Javascript on non-https sites, that would be fine. If even the middle security setting completely disables Javascript (not even letting it enable via NoScript), there's pretty much not a single site in the internet that will work like that. Should be able to enable Javascript for a given site even with the slider not on low.

We have been talking about this for a bit now and we got some good ideas that might help solve this problem. Of course, whatever we do, we know we will have to figure out how to make it work on mobile as well :)

Is there any plan to obscure the IMEI and IMSI numbers? If not, do they present a big threat to keeping your location disguised? A journalist I know gets around this by using a tablet with no SIM card (no IMEI/IMSI to transmit) and a mobile wifi (mifi) hotspot in emergencies or when there is no wifi (as mobile connectivity is better - and presumably the hotspot has an IMSI and IMEI),

Unfortunately the lovely people at Google have implemented massive identity leakage so that through any given network connection, the device is constantly phoning-home to Google's servers. Even on, in my limited experience, Cyanogenmod without Google Play Services... Which is far from OK. Or private. What TOR can do is anonymise you partially through the 'pipe' from your browser to a given point on the internet so that harvesting data and tracking at THAT end is harder to do. Unfortunately Google still sees a data connection coming from your device through whatever network (VPN included) and logs it. So your journalist friend is only halfway there. She needs a device that simply doesn't phone home at all. Or at least without permission. I.e. something like a MAC-spoofed Linux laptop, hardened for security (TAILS leaves traces on a USB stick, even after wiping and formatting it - little-known fact, honeypot shortlist fans - may as well use a fast, tiny disposable one that can be broken under the heel with one blow and flushed/burnt in an instant and do these exist on the market? )... and running through TOR and a VPN etc. I'm no expert. Privacy just gets to be a mission in and of itself!

Hey so I'm trying to use Orfox but every... Let's say month or so it goes from working fine to just not loading any pages whatsoever. I get this "browser has timed out" related message and nothing ever loads more than 1/4th of the way according to the orange load status bar at the top under the address bar.
I also cannot select the "Orfox settings" tab in the dropdown menu. It immediately goes to "the address wasn't understood"

What can I do to fix this besides continually uninstalling and reinstalling, which doesn't always work?

My phone is lg v20 h918 adb rollback 1 and android ver 7.0
Lmk if I need to include any more info or what I can do to help fix this

Recent Updates

There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.4.0.1-alpha from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release likely by the end of the month.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Tor 0.4.0.1-alpha is the first release in the new 0.4.0.x series. It introduces improved features for power and bandwidth conservation, more accurate reporting of bootstrap progress for user interfaces, and an experimental backend for an exciting new adaptive padding feature. There is also the usual assortment of bugfixes and minor features, all described below.

Changes in version 0.4.0.1-alpha - 2019-01-18

Major features (battery management, client, dormant mode):

When Tor is running as a client, and it is unused for a long time, it can now enter a "dormant" state. When Tor is dormant, it avoids network and CPU activity until it is reawoken either by a user request or by a controller command. For more information, see the configuration options starting with "Dormant". Implements tickets 2149 and 28335.

The client's memory of whether it is "dormant", and how long it has spent idle, persists across invocations. Implements ticket 28624.

There is a DormantOnFirstStartup option that integrators can use if they expect that in many cases, Tor will be installed but not used.

Major features (bootstrap reporting):

When reporting bootstrap progress, report the first connection uniformly, regardless of whether it's a connection for building application circuits. This allows finer-grained reporting of early progress than previously possible, with the improvements of ticket 27169. Closes tickets 27167 and 27103. Addresses ticket 27308.

When reporting bootstrap progress, treat connecting to a proxy or pluggable transport as separate from having successfully used that proxy or pluggable transport to connect to a relay. Closes tickets 27100 and 28884.

Tor 0.3.5.7 is the first stable release in its series; it includes compilation and portability fixes, and a fix for a severe problem affecting directory caches. Tor 0.3.4.10 and 0.3.3.11 are also released today; please see the official announcements for those releases if you are tracking older stable versions.

The Tor 0.3.5 series includes several new features and performance improvements, including client authorization for v3 onion services, cleanups to bootstrap reporting, support for improved bandwidth-measurement tools, experimental support for NSS in place of OpenSSL, and much more. It also begins a full reorganization of Tor's code layout, for improved modularity and maintainability in the future. Finally, there is the usual set of performance improvements and bugfixes that we try to do in every release series.

There are a couple of changes in 0.3.5 that may affect compatibility. First, the default version for newly created onion services is now v3. Use the HiddenServiceVersion option if you want to override this. Second, some log messages related to bootstrapping have changed; if you use stem, you may need to update to the latest version so it will recognize them.

We have designated 0.3.5 as a "long-term support" (LTS) series: we will continue to patch major bugs in typical configurations of 0.3.5 until at least 1 Feb 2022. (We do not plan to provide long-term support for embedding, Rust support, NSS support, running a directory authority, or unsupported platforms. For these, you will need to stick with the latest stable release.)

Below are the changes since 0.3.5.6-rc. For a complete list of changes since 0.3.4.9, see the ReleaseNotes file.

Changes in version 0.3.5.7 - 2019-01-07

Major bugfixes (relay, directory):

Always reactivate linked connections in the main loop so long as any linked connection has been active. Previously, connections serving directory information wouldn't get reactivated after the first chunk of data was sent (usually 32KB), which would prevent clients from bootstrapping. Fixes bug 28912; bugfix on 0.3.4.1-alpha. Patch by "cypherpunks3".